Skip to main content

Setup of Single Sign-On

Dan Kenneth Offengård
  • Updated
Not yet followed by anyone

You can use Microsoft Entra ID to log into SEMINE via Single Sign-On (SSO).
The following outlines the steps required to setup SSO accurately using Microsoft Entra ID with SEMINE.

  • Select "Edit organization" in the Admin panel in Semine.

    SSO.PNG

  • Then select the Single Sign-on Setup tab.
    • Enabled - Activate Single Sign-On.
    • Display Name : Choose the display name for the login button.
    • Tenant ID: Provided by customer's IT department/Partner.
    • Application ID: Provided by customer's IT department/Partner.
    • Callback Path: [unique and predetermined] Set a unique Callback Path in the customer's Entra setup.
    • Optional: Restrict login to SSO only
    • Domain name: Set the domain name to customer's domain(s) (e.g.,domainName1.com, domainName2.com)


Microsoft Entra ID

Typically, your IT department or operating partner, responsible for managing O365/Entra, handles these tasks.

App Registrations

Photos_HCCnFXXAF1.png

Go to Register an Application

  • Name : SemineSSO
  • Supported Account Types : Select: Accounts in this organizational directory only .
  • Redirect URI : Retrieve from the SSO tab in Semine, specifically from the Callback-Path field.


chrome_EYrLTwp7jQ.png

Overview

Semine requires the following two values, and you need to input them into the Semine interface:

  • Application (client) ID - Enter this into the field labeled Application Id
  • Directory (tenant) ID - Enter this into the field labeled TenantId / Authority


Photos_sVJNgS4Qrp.png

Certificates & Secrets

  • Click on Certificates & Secrets
  • Then on New client secret

Photos_qtJ63vlesv.png

Create a New Client Secret
Generate a new client secret with the following details:

  • Description: SemineSSO
  • Expires: Optional, based on the customer's preference.


Click Add

chrome_U7rdy4cPs6.png

It should now appear as follows:

Photos_pePY1MvkbB.png

Then select Token configuration

  • Click on Add optional claim
  • Token Type: Select ID and then select e-mail


chrome_MjUg0GfLKe.png


In the next dialog box, check the following and then click Add

chrome_GW4BJbmtsf.png

  • Go to Authentication
    • Check the box for Id Tokens
    • Select "Yes" on enable the following mobile and desktop flows


chrome_ic34I5qjnN.png

  • Once you've saved the values in the SSO tab for Semine, SSO will be activated by a nightly job. Please inform support@semine.no if SSO is not working the day after your SSO setup is finished, or if activation is time critical and we need to do this manually.  
  • Once confirmation of activation is received, you can sign in by clicking the button with your chosen name.

    SSO button.PNG

 

Related articles

Comments

0 comments

Article is closed for comments.